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DETAILED ACTION 

CLAIMS PRESENTED 

Claims 1-12 are presented. 

CLAIM REJECTIONS 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

1. Claim 2 is rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the enablement 
requirement. The claim(s) contains subject matter which was not described in the specification in such a 
way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to 
make and/or use the invention. The claim cites that "the file comprises retrieval and verification 
information." Applicant's specification does not mention the file comprising this information nor does it 
define them. For purposes of examination, examiner interprets that applicant intends to mean that the file 
is encrypted. Appropriate correction is required. 

2. Claim 7 is rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the enablement 
requirement. The claim(s) contains subject matter which was not described in the specification in such a 
way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to 
make and/or use the invention. The claim cites the limitation, "statistics in a database". The specification 
does not define what these statistics are. For purposes of examination, examiner interprets this to mean 
the authentication information gathered from the client is compared to information stored on the server, 
appropriate correction is required. 

3. Claims 8-9 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the 
enablement requirement. The claim(s) contains subject matter which was not described in the 
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specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most 
nearly connected, to make and/or use the invention. The claims cite a secure catalog database. The 
specification does not mention a secure catalog database. It is unclear to examiner what applicant 
intends a secure catalog database to mean. For purposes of examination, examiner interprets a secure 
catalog database to be a database that stores client identification information that is only accessible by 
authorized parties. Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-12 are rejected under 35 U.S.C. 103(a) as being unpatentable over Tsao, US 
PGP No. 20030079016, and further in view of Wenocur et al, US PGP No. 
20020194501. 
As per claim 1 : 
Tsao teaches: 

A method processing one or more files using a security application, the method comprising: 
connecting the client to a proxy server, the proxy server being coupled to one or more NAS servers; 

[see fig. 1A, client (element 18), proxy server (elements 14 and 16), NAS servers (element 12)] 
requesting for a file from a client to the proxy server; 

[see fig. 3C, element 58] 
authenticating a requesting user of the client; 

[see ftg. 3C, element 74] 
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authorizing the requesting user for the file requested; 

[see paragraphs 46-47] 
requesting for the file from the one or more NAS servers after authenticating and authorizing; 

[see fig. 3C, elements 62 and 74] 
requesting for the file from the one or more storage elements; 

[see fig. 3C, elements 62 and 74] 
transferring the file from the one or more storage elements through the NAS server to the proxy server; 

[see paragraph 38] 
transferring the processed file to the user of the client. 

[see fig. 3B, element 54] 

Tsao does not explicitly teach the following: 

determining header information on the file at the proxy server; 
identifying a policy based upon the header information at the proxy server; 

Wenocur teaches the limitations cited above that are not explicitly taught by Tsao: 

determining header information on the file at the proxy server; 

identifying a policy based upon the header information at the proxy server; 

[see paragraphs 630-632] It would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify the Tsao invention to include the above limitations taught by 
Wenocur in order to implement policy based network management (see Putzolu, US Patent No. 
6578076). 

Neither Tsao or Wenocur explicitly cite the following: 

processing the file according to the policy, the processing including decompressing the file, decrypting the 
file, and verifying the file. 
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It is well known in the art to compress files in storage, it is also well known to encrypt files as 
disclosed in applicant's specification. It would have been obvious to one of ordinary skill in the art to 
modify the above invention taught by Tsao to compress files for storage as well as encrypting the files for 
security reasons. It would have been further obvious to decompress and decrypt these files for use by 
the client. Verifying the file would be obvious as well in order to make sure that the file transferred isn't 
corrupted or erroneously decrypted/decompressed. 

As per claim 2: 

The method of claim 1 wherein the file comprises retrieval and verification information. 
[see rejection of claim 1 wherein the file is encrypted.] 

As per claims 3 and 4: 

The method of claim 1 wherein the decryption is provided by a NIST approved process. 
[see Wenocur, paragraph 626, "triple-DES, AES"] 

As per claim 5: 

The method of claim 1 wherein the verifying comprises processing a keyed message authentication code. 
[see Wenocur, 630-632, "Key-ID"] 

As per claim 6: 

The method of claim 5 wherein the keyed message authentication code is generated using a SHA-1 or 
MD-5 or SHA-512. 

[see Wenocur, paragraph 632] 



As per claim 7: 
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The method of claim 1 further comprising determining one or more statistics in a database on a security 
device. 

[see rejection of claim 1 wherein the client was authenticated] 

As per claims 8 and 9: 

Neither Tsao or Wenocur specifically teach the use of a secure catalog database or using a 
secure catalog database to detect intrusions. It would have been obvious to one of ordinary skill 
in the art to which the subject matter pertains to modify the Tsao and Wenocur inventions to allow 
the server to maintain a secure database of client verification and authentication information. 
Therefore, repeated failed attempts to access the server using incorrect authentication 
information can be used to detect possible attackers. 

As per claim 10: 

The method of claim 1 further comprising adding information associated to positional integrity to the file. 
[see Wenocur, paragraph 1069] 

As per claim 11: 

The method of claim 1 further comprising generating a signature record on the file to detect any 
modification of the file. 

[see Wenocur, paragraph 271] 

As per claim 12: 

The method of claim 1 further comprising identifying a number of blocks stored within a database, the 
database including the file. 

[see Wenocur, paragraph 615] 
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CONCLUSION 



The art made of record and not relied upon is considered pertinent to applicant's disclosure. 
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Alexandria, VA 22314 
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be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner can normally 

be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 

Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the organization where 

this application or proceeding is assigned is 571-273-8300, 
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